Copyright 1993 IDG Communications, Inc.
InfoWorld
July 19, 1993
SECTION: NOTES FROM THE FIELD; Pg. 98
LENGTH: 615 words
HEADLINE: DoubleSpace may not scan your hardware, but DEF CON denizens do
BYLINE: Robert X. Cringely
BODY:
DEF CON I, last week in Las Vegas, was both the strangest and the best
computer event I have attended in years. The hackers, crackers, and phone
phreaks' convention was shut down for a while when security at the Sands Hotel
didn't like people sleeping overnight in the meeting room. And several of the
hackers present (median age 17) were shaken to find their Operation Sun Devil
prosecutor sitting in the back of the room (she was one of the speakers). "I'm
not here to bust you," she told the very interested crowd. "Just don't commit
any felonies in front of me."
I'll have to try that line at Comdex.
DOUBLE TROUBLE
There were almost too many DEF CON highlights to relate, but one of my
favorite moments was when a computer security guy from Sun Microsystems (name
withheld to protect this guy from himself) gave a lecture on how to break into
Unix systems. "After tracking more than a thousand break-ins at Sun," he said,
"I am really tired of the same old techniques. Here are some new ideas. . . ."
The kids at Microsoft are busily working to implement an old idea to improve
DoubleSpace, the compression utility in DOS 6. DoubleSpace doesn't scan your
hard disk for defects and so can write data onto bad blocks, ruining your whole
day. Scanning for hardware defects will be in the next version.
On a similar theme, using the DOS 6 format on a freshly low-level-formatted
drive can erase some bad sector/physical defect information. DOS 5 did this,
too, but nobody noticed.
Not wanting to beat too hard on Microsoft, I still have to report that the
folks at PC World last week received autodemo disks of MS Publisher and Word
that were contaminated with the Forms virus.
SUBOPTIMAL
Viruses were a hot topic at DEF CON, especially when Mark Ludwig, author of
the Little Black Book of Computer Viruses, threatened to release a virus that
could be used to password-encrypt everything on everyone's hard disks. The idea
here is not to encrypt without your permission (you could choose your own
password or even decide not to encrypt), but rather to use the virus as a
software distribution method. What a concept!
Lord knows that distributing softwareon floppies has problems, too. The
install program for QEMM 7.0 asks for the serial number on the installation
disk, except there is no serial number on the installation disk. Use the serial
number from your invoice.
On the plus side, QEMM 7.0 seems to work well, though with some oddities.
Remember, the following section refers to my machine, so your mileage may vary.
The Stealth feature may work fine, but since it requires a page frame to
operate, it didn't make sense for me to give up 64KB to a page frame just to
gain 64KB of high RAM and lose 32-bit disk access in Windows. Running Optimize
did free 12KB but cut Landmark performance on my 386/25 from 33 to 28: Forget
that. Still, by throwing out the DOS-UP drivers, I got 642,256 bytes free,
which beats HIMEM/EMM386.
After the episode with hotel security, a few disgruntled DEF CON attendees
located the hotel's PBX barrier code, isolated the Sands VAX machine, and had
the administrator's password ready to go. "Let us know if they give you a hard
time, and we'll take care of it," the hackers told DEF CON organizers, who
wisely backed off, fearing reprisals from Guido the Kneecapper.
Not even Cringe calls were completely secure. "Did you realize as soon as
you got that cell call and got up to leave the room that four scanners clicked
on and a coordinated effort was put forth to find your frequency?" asked Dark
Tangent, the father of DEF CON. "Hope it wasn't a sensitive call."
GRAPHIC: Picture, no caption, FRED MACK
LANGUAGE: ENGLISH